----- Original Message -----
From: "alex" <alex@bennee.com>

> # For outgoing packets we need to mark stuff
> /sbin/iptables -t mangle -A to-dsl -p tcp --dport 22 -j MARK --set-mark 1
>
> /sbin/iptables -t mangle -A to-dsl -p tcp --dport 80 -j MARK --set-mark 2

I'd also do it like this:

iptables -t mangle -A to-dsl -p tcp --dport 22 -j MARK --set-mark 1
iptables -t mangle -A to-dsl -p tcp --dport 22 -j RETURN
iptables -t mangle -A to-dsl -p tcp --dport 80 -j MARK --set-mark 2
iptables -t mangle -A to-dsl -p tcp --dport 80 -j RETURN
etc...

Otherwise iptables will do the whole "to-dsl" list for every packet. In your case it wouldn't matter except for some extra CPU usage. But if you would like to mark port 80 as bulk traffic and ACKs as interactive traffic, then those port 80 ACKs could be marked as bulk, which you wouldn't want.

Which brings me to another subject :)

If your DSL connection has different bandwidths, like 1mbit/128kbit, then your download speed could be destroyed by huge queues in your uplink. I'd guess this would do the trick.

# Set ACK as prioritized traffic (ACKs are less than 100 bytes)
$IPTABLES -t mangle -A MANGLE_MARK -p tcp -m length --length :100 -j MARK --set-mark 1
$IPTABLES -t mangle -A MANGLE_MARK -p tcp -m length --length :100 -j RETURN

(You could probably mark ACKs with --tcp-flags SYN,FIN,RST ACK. But I have not tested that yet.)

They also mention this here: http://lartc.org/wondershaper/

/Jonas
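
The re-marking effect described in the message above, as a small Python model added here (not part of the original post, and a simplification rather than real netfilter code). It assumes the small-packet ACK rule is listed before the port 80 rule; the packet dictionaries, function names and mark constants are constructed for illustration.

```python
# Simplified model of how a user-defined iptables chain is walked.
# MARK is a non-terminating target: it sets the mark and traversal continues.
# RETURN stops traversal of the current chain.

INTERACTIVE, BULK = 1, 2  # mark values, following the numbering in the post

def is_small_tcp(pkt):
    # Stands in for: -p tcp -m length --length :100 (0..100 bytes inclusive)
    return pkt["proto"] == "tcp" and pkt["length"] <= 100

def to_port(port):
    # Stands in for: -p tcp --dport <port>
    return lambda pkt: pkt["proto"] == "tcp" and pkt["dport"] == port

def build_chain(with_return):
    """Rules as (match, target, arg): ACK rule first, port 80 rule second."""
    rules = []
    for match, mark in ((is_small_tcp, INTERACTIVE), (to_port(80), BULK)):
        rules.append((match, "MARK", mark))
        if with_return:
            rules.append((match, "RETURN", None))
    return rules

def traverse(chain, pkt):
    """Return (final mark, number of rules evaluated) for one packet."""
    mark, evaluated = 0, 0
    for match, target, arg in chain:
        evaluated += 1
        if not match(pkt):
            continue
        if target == "MARK":
            mark = arg   # set the mark and keep walking the chain
        elif target == "RETURN":
            break        # leave the chain; later rules cannot re-mark
    return mark, evaluated

# Constructed sample packets
ACK_TO_80 = {"proto": "tcp", "dport": 80, "length": 52}
DATA_TO_80 = {"proto": "tcp", "dport": 80, "length": 1500}

if __name__ == "__main__":
    for label, flag in (("without RETURN", False), ("with RETURN", True)):
        chain = build_chain(flag)
        print(label, "| ACK:", traverse(chain, ACK_TO_80),
              "| data:", traverse(chain, DATA_TO_80))
```

Without the RETURN rules the port 80 ACK ends up with the bulk mark because the last matching MARK wins; with them it keeps the interactive mark and traversal stops at the second rule.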